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Certificate :: = SEQUENCE 
tbsCertif icate 
s i gna t ur eAl gor i thm 
signature 



TBSCertif icate, 
Algorithmldentif ier, 
BIT STRING } 



TBSCertif icate : : = 
version 
serialNumber 
signature 
issuer 
validity 
subject 

subj ectPublicKeylnf o 
issuerUniquelD [1] 
subjectUniquelD [2] 
extensions [3] 



SEQUENCE { 

[03 Version DEFAULT vl , 

Cert if icateSerialNumber, 
Algorithmldentif ier, 
Name, 
Validity, 
Name , 

Subj ectPublicKeylnf o, 
IMPLICIT Uniqueldentif ier OPTIONAL, 
IMPLICIT Uniqueldentif ier OPTIONAL, 
Extensions OPTIONAL } 



Version 



INTEGER { vl(0), v2 (1) , v3(2) } 



Cert if icateSerialNumber 



INTEGER 



Validity : : = SEQUENCE { 
notBef ore 
notAf ter 

Time : := CHOICE { 
utcTime 
generalTime 



Time, 
Time } 



UTCTime, 

General izedTime } 



Uniqueldentif ier 



BIT STRING 



Subj ectPublicKeylnf o : := SEQUENCE { 

algorithm Algorithmldentif ier , 

subjectPublicKey BIT STRING } 

Extensions SEQUENCE SIZE (1..MAX) OF Extension 



Extension : ; = SEQUENCE { 

extnID OBJECT IDENTIFIER, 

critical BOOLEAN DEFAULT FALSE, 

extnValue OCTET STRING } 
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CertificateList ::= SEQUENCE { 

tbsCertList TBSCertList, 
signatureAlgorithm Algorithmldentifier, 
signatureValue BIT STRING } 

TBSCertList ::= SEQUENCE { 

version Version OPTIONAL, 

sig natu re Alg orith m Identifier, 

issuer Name, 

thisUpdate Time, 

nextUpdate Time OPTIONAL, 

revokedCertificates SEQUENCE OF SEQUENCE { 

userCertificate CertificateSerialNumber, 

revocationDate Time, 

crIEntryExtensions Extensions OPTIONAL 
} OPTIONAL, 

crIExtensions [0] EXPLICIT Extensions OPTIONAL 

} 
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certFingerprint ::= SEQUENCE OF SEQUENCE { 
algorithm Algorithmldentifier, 
fingerprint octet string 

} 
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